Tuesday, June 01, 2010

Is China tuning into your cellphone?

Anil Pandey investigates how import of chinese SIMs can compromise national security and he finds the DoT not ignorant but wilfully negligent

The technical terms used by Rajesh Kumar (name changed) were coming like bouncers. He read my mind and brought out two mobile handsets. He handed one to me and asked me to call my wife. After I finished talking to her, Rajesh asked me to call her once more. But this time, the voice on the other side was not that of my wife. It was Rajesh. Rajesh smiled and said, “Why don’t you send her a message?” After I sent it, Rajesh brought his handset forward and showed me. I was dumbfounded. How could the message land in his phone? Rajesh soon clarified, “We have put a spyware on the mobile. Not only we can eavesdrop on your conversations (by diverting your calls using SIM) but we can read your messages and send messages from your number. We can trace your location and we can block your phone.” The risk of spyware always exists in SIM (operating system or application) if the SIM is not produced in a secure environment under control. SIM is the most critical equipment in mobile telephony. It is not only instrumental in authenticating against the mobile network but also the unique identity of the subscriber. Rajesh is a technical expert of communication instruments.

I wondered if in my place, this spyware would be in the phone of a scientist at Indian Space Research Organisation or a senior Army officer or an officer of the ministry of finance or ministry of home? All important information could reach the enemy. That my thoughts were not fanciful was corroborated by the apprehensions expressed by the ministry of home (MHA) and various Intelligence agencies. The MHA has already communicated to the ministry concerned about the possibility of Chinese companies embedding spywares into instruments and software being sold to the Indian cellular operators which might be used to acquire important information. Even then, lakhs of SIM cards are reaching India every week. The Smart card Forum of India reveals that between January and March, 2010, 4.5 crore cards have reached India.

The Department of Telecommunication (DoT) of the ministry of communication and IT issued a circular to cellular operators on December 3, 2009. According to this circular, any operator buying any software or equipment will have to get a security clearance. It was on this basis that the government did not permit several cellular operators to use instruments of Huawei and other such Chinese companies. The circular says, “The Licensee shall apply to the Licensor for security clearance, along with the details of the equipment as well as detail of equipment suppliers and manufacturers including original equipment manufacturers (OEM), before placement of the final purchase order of procurement/ up gradation of equipment/ software for provisioning of telecommunications service under the licence.” It is clear that no cellular operator can buy any equipment without the government’s permission. But before we reveal that how officials at the ministry have their own interpretation of the circular, thereby jeopardizing the security of the nation, you should know that SIM cards made in China are security hazards. In the past, terrorists had used Chinese mobile handsets without IMEI numbers, prompting the government to ban those.